Enzo Biochem penalized $45M for lax data security leading to cyberattack
TRI-STATE REGION — THE BIOTECH/LAB TESTING COMPANY ENZO BIOCHEM must pay New York State $4.5 million for a security breach and for failing to protect New Yorkers’ health data, State Attorney General Letitia James announced on Tuesday, Aug. 13. Attorney General James and her counterparts in Connecticut and New Jersey today secured $4.5 million from Enzo Biochem, Inc. (Enzo) for failing to adequately safeguard the personal and private health information of its patients. Enzo is a biotechnology company that offers patients diagnostic testing at its laboratories in the tri-state area. The Office of the Attorney General (OAG) found that Enzo had poor data security practices, which led to a ransomware attack that compromised the personal and private information of approximately 2.4 million patients, including more than 1.4 million New York residents. Last year, cyber-attackers were able to infiltrate Enzo’s networks using two employee login credentials that it turns out were shared between five Enzo employees. The attackers then installed malware on several of Enzo’s systems, stealing files and data with sensitive patient information, including names, Social Security numbers, and medical treatment/diagnosis information. Enzo was unaware of the hack until several days later because the company lacked a system or process in place to monitor or provide notice of suspicious activity.
New York will receive $2.8 million of the agreement and Enzo will be required to strengthen its data security practices.
✰✰✰
Leave a Comment
Leave a Comment